===================================================================== CERT-Renater Note d'Information No. 2014/VULN156 _____________________________________________________________________ DATE : 12/08/2014 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Internet Explorer. ====================================================================== KB2976627 https://technet.microsoft.com/library/security/ms14-051 ______________________________________________________________________ Microsoft Security Bulletin MS14-051 - Critical Cumulative Security Update for Internet Explorer (2976627) Published: August 12, 2014 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. Affected Software Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Vulnerability Information Multiple Internet Explorer Elevation of Privilege Vulnerabilities Multiple elevation of privilege vulnerabilities exist in Internet Explorer. An attacker who successfully exploited these vulnerabilities could elevate privileges in affected versions of Internet Explorer. These vulnerabilities by themselves do not allow arbitrary code to be run. However, these vulnerabilities could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code. To view any of these vulnerabilities as a standard entry in the Common Vulnerabilities and Exposures list, click a link in the following table: Vulnerability title CVE number Internet Explorer Elevation of Privilege Vulnerability CVE-2014-2817 Internet Explorer Elevation of Privilege Vulnerability CVE-2014-2819 Multiple Memory Corruption Vulnerabilities in Internet Explorer Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. To view any of these vulnerabilities as a standard entry in the Common Vulnerabilities and Exposures list, click a link in the following table: Vulnerability title CVE number Internet Explorer Memory Corruption Vulnerability CVE-2014-2774 Internet Explorer Memory Corruption Vulnerability CVE-2014-2784 Internet Explorer Memory Corruption Vulnerability CVE-2014-2796 Internet Explorer Memory Corruption Vulnerability CVE-2014-2808 Internet Explorer Memory Corruption Vulnerability CVE-2014-2810 Internet Explorer Memory Corruption Vulnerability CVE-2014-2811 Internet Explorer Memory Corruption Vulnerability CVE-2014-2818 Internet Explorer Memory Corruption Vulnerability CVE-2014-2820 Internet Explorer Memory Corruption Vulnerability CVE-2014-2821 Internet Explorer Memory Corruption Vulnerability CVE-2014-2822 Internet Explorer Memory Corruption Vulnerability CVE-2014-2823 Internet Explorer Memory Corruption Vulnerability CVE-2014-2824 Internet Explorer Memory Corruption Vulnerability CVE-2014-2825 Internet Explorer Memory Corruption Vulnerability CVE-2014-2826 Internet Explorer Memory Corruption Vulnerability CVE-2014-2827 Internet Explorer Memory Corruption Vulnerability CVE-2014-4050 Internet Explorer Memory Corruption Vulnerability CVE-2014-4051 Internet Explorer Memory Corruption Vulnerability CVE-2014-4052 Internet Explorer Memory Corruption Vulnerability CVE-2014-4055 Internet Explorer Memory Corruption Vulnerability CVE-2014-4056 Internet Explorer Memory Corruption Vulnerability CVE-2014-4057 Internet Explorer Memory Corruption Vulnerability CVE-2014-4058 Internet Explorer Memory Corruption Vulnerability CVE-2014-4063 Internet Explorer Memory Corruption Vulnerability CVE-2014-4067 ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================